Author
Topic: NANY 2011 Release: JottiQ (Read 120048 times)

Sweet. Thanks for the link, app103! I used to keep a close eye on articles for a while, but since Gothi[c] went a-magicking with awstats I've not really been able to keep an eye on fresh referers.

With regards to the proxy thing - I'll bring out a test build later today that hopefully solves your problem, sujay85. I lack the environment to properly test all of this (authenticated) proxy stuff, so I hope we'll have a few willing testers for whom 1.0.3 does not work properly.

Does Internet Explorer (most other browsers have other mechanisms for auth.proxies!) present you a proxy-login-page when you start browsing, or is it automagically providing the proper credentials to the proxy?

With regards to the proxy thing - I'll bring out a test build later today that hopefully solves your problem, sujay85. I lack the environment to properly test all of this (authenticated) proxy stuff, so I hope we'll have a few willing testers for whom 1.0.3 does not work properly.

No problem. i will let you know whether that will work or not. FYI till now no other such tools like virustotal uploader/novirusthanks uploader does this authentication. If you can solve this it will be the first of its kind...

You mention something of a popup and such. Is it some builtin Internet Explorer thing, or does it show for all browsers? Could you share a screenshot?

I think the solution I have in mind code-wise does not support popping up any dialogs, so it might not fix your issue and I've had to look at something else.

Hi,All browsers show that dialogue/pop-up box. Give me some time, I will post the screenshots on Monday..I know nothing about coding, but you may not use that pop-up box rather set that setting permanently like in the following screenie (this one is in Bullguard AV)

I am hesitant to use a separate screen as it would very likely mean I'd have to get down into proxy nitty gritty. If at all possible, I want to use existing (builtin) Windows settings as that is how users would probably expect it to work.

Apologies for not getting around to coding that test build I promised. I just haven't gotten around to it, but it is most definitely on my list of things to do.

I am hesitant to use a separate screen as it would very likely mean I'd have to get down into proxy nitty gritty. If at all possible, I want to use existing (builtin) Windows settings as that is how users would probably expect it to work.

Apologies for not getting around to coding that test build I promised. I just haven't gotten around to it, but it is most definitely on my list of things to do.

worstje:The standard procedure with authenticating proxies and other authenticating services, is to set up the credentials in your connection object, and then make the connection. The connection stuff then either automatically performs the authentication or fires an event (.NET kinda standard behavior) that you implement and return the proper credential information.

It's quite useless (iow nearly impossible) to try and catch the login page fired at browsers, as that's often a javascript page, you will have great difficulty executing in your application (JottiQ in this case)

Right. I'm with you so far, and I actually looked into that stuff already. But if there's standard facilities to authenticating proxies, there should probably be some sort of Windows-wide data repository for that stuff I can (ab)use? If a system has a proxy configured it would be silly to make a user configure it separately for JottiQ.

Too many settings are a bad thing by my book, so if I can avoid any sort of data entry that is JottiQ specific that would make me happy.

If the authentication for browsers is a webpage, then I assume it could be using cookies to store any previous used credentials, but that should be provided by the proxy, and is probably not re-usable by other applications.

Most other apps I use (Avast, Eclipse, and other stuff) have in their network page a proxy setting that facilitate optionally setting the authentication parameters, next to the proxy address, so I'm afraid that there's not much hope for a common solution. You could re-use the parameters of any of the other apps to provide these to the proxy, but what common app to choose? It wonders me (too) that Windows Internet settings page doesn't have an option to define this.

Okay thank you. Seems I am indeed stuck doing things that way. Ath, when I get around to it, I hope there's no issue if I ask you to test? I seem to recall you had a rather diverse (software) environment to test with, and you seem to know the subject quite well to boot.

Well, I've been behind a proxy (here, at home) for over 14 years now, and that was just because my ISDN connection could be turned of and off by the proxy software, and I sticked with it because all my e-mail configurations would have to be changed again and again. And for the extra security ofcourse, as there's also a firewall on that machine.

Not sure if I can configure it to do the authentication without messing things up big time, here, but I'll try, just for fun, or set up something in VMWare Will probably end up sometime next week, though (assuming you're ready before the weekend), got a busy weekend ahead.

If there is anything else you want to know, check the first post in this topic or see the website. Or simply ask in this topic; I'll be glad to answer any questions there may be.

The JottiQ website still needs a day or two to get polished with regards to this release; I haven't managed to update it as much as I planned to for this release and at this moment, information regarding the new release and its features is decidedly lacking on there.

v1.1.0 (2011-07-01)

Six months after the official release, it is time for a well-deserved update. Sadly, there isn't much one can improve in a tool with a simple purpose. However, I hope this new version will entertain.

Added: Forks support. Also known as 'Alternative Data Streams', these are a well-hidden feature of the NTFS filesystem which provide for equally well-hidden pseudo-files attached to existing files. Most programs are unable to read them, no less act on them - which makes this a feature that truly improves Jotti's malware scan. Added: Proxy server support. Added: Connectivity test for troubleshooting issues. Some beta-testers for this version had problems with proxy server support, but it will hopefully prove useful for all parties. Added: A builtin 'whitelist' for forks. The feature is sometimes used for legitimate reasons, and one of those affects nearly every file downloaded. The whitelist exists for speeding up processing only; security-minded (distrusting?) individuals are free to enable the option that forces these whitelisted forks to appear in the queue. Added: A 'whitelist fork by name' option. If the precise comparisons on a possibly whitelisted fork prove troublesome, this enables one to consider the fork safe by proxy of its name. This feature as a work- around for 'Zone.Identifier' forks encoded in different formats than I have been able to test with - so if one finds a 'Zone.Identifier' fork that is not whitelisted, I request that this forks is saved to a file and sent to me at: jottiq-whitelist (at) whitehat.dcmembers.com so I may inspect it and if is found safe, add it to the whitelist in the next version. TL;DR? Don't enable unless you know you need it. Added: The queue context menu now offers an Actions sub-menu. These contain actions that affect the selected objects (files and/or forks) in the queue physically. There are currently two items in this menu: - Delete Object(s): This either deletes the selected file(s) permanently, or it removes the selected fork(s) from the file. Do note that deleting a file also deletes its forks, but that deleting a fork on a file leaves the latter intact. I remain of the opinion that JottiQ is an investigative tool rather than a cleaner, but... the peoples wishes are clear and forks are hard to delete, so deleting files is a logical consequence. - Save Fork As: This saves the contents of a fork to a file. This does not work for ordinary files as it would be a mere 'Copy' operation that may or may not bring expectations along with it; instead it is to be used as an inspection utility for a resource otherwise difficult to examine. Added: An 'Add file(s)' feature is now available in the toolbar. It completely slipped my attention in the 1.0.x versions, for which my apologies. Rather late than never. Removed: The 'Add Running Processes' functionality is no longer present. It was determined to be an inappropriate feature that only delivered half work, and to boot the reason why Jotti's malware scan suffers such ungodly waiting times during the waking hours of the western world ever since JottiQ's release. Fixed: No more crash when down-sizing the amount of worker-threads. Fixed: Legibility of items on right pane could suffer in certain colour configurations; now it uses proper system colours where applicable. Fixed: Zero-byte items were not being removed by the manual nor automatic 'Remove safe items' features. Fixed: Deleting items from the queue while it was being processed no longer makes the worker-thread go M.I.A. until it finishes its work off the screen; it now terminates and moves on to the next item in the list as soon as possible. Changed: Uploading should be a little bit more efficient now. Changed: Fancy progress bars that show upload progress are now in place as opposed a boring textual description. Changed: Redesigned the Settings window with clearly named sections and recognizable icons in order to make JottiQ configuration more accessible. Changed: The instruction text in the main screen no longer suggests one to 'start processing' when processing is already enabled.

Version 1.1.1 is now out. No bugs were fixed; but a setting was added to play nice with domains and group policies that mess up the SSL certificate validation of Jotti's malware scan. While Internet Explorer would give you a warning and the option to ignore and continue on your own risk, the .NET framework is quite a bit tougher and more unforgiving in that regard. Thanks go to sujay85 to put up with the small dozen private messages I exchanged with him over the past two weeks, and the test builds that were created as a result.

If there is anything else you want to know, check the first post in this topic or see the website. Or simply ask in this topic; I'll be glad to answer any questions there may be.

v1.1.1 (2011-07-12)

Any new version released suffers from a few hiccups, and v1.1.0 was no different. Thankfully, all this release does is pat the proverbial belly.

Added: A setting that, if enabled, lessens the scrutiny given to the remote server of Jotti's malware scan to determine its authenticity. 'Ignore certain SSL certificate errors' is only useful on a few specific configurations, and should not be enabled unless you get an error like the following in the Connectivity Test: 'The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.' Changed: dcuhelper.exe was updated to v1.10.01 released on July 12, 2011.

Version 1.2.0 is now out. Sadly though, this release adds nothing new; it only prevents breakage in the nearby future. Because upgrading really matters to keep JottiQ working, I decided to engage in some psychological warfare and bump up the minor version to v1.2.0 rather than going with a more sensible v1.1.2.

Jotti is in the process of revitalizing his service with new features, amongst which is the ability to deal with the load JottiQ threw at it during its release. (That last thing has been implemented for a while I believe; I haven't seen a server-side queue in ages!) Some of his upcoming changes however are not compatible with JottiQ (broken scan results link, anti-virus images moving and such), so an update is required for continued functioning.

I do hope to get back into JottiQ development again. I still have some plans for it. But for now, I am going to wait and see to what degree Jotti's upcoming changes affect things. Some of the features I'd love to implement require a little bit of help from him, and he understandably needs to focus on his current efforts first.

If there is anything else you want to know, check the first post in this topic or see the website. Or simply ask in this topic; I'll be glad to answer any questions there may be.

v1.2.0 (2015-03-24)

Compatibility release. Jotti is undergoing some changes so we must too.

Upgrading is highly recommended; previous versions of JottiQ may break or otherwise show reduced functionality as Jotti improves his service.

Edit: It seems the DCMembers server has some issues at present, so I can't actually update the website right now. But I hopefully will be able to do so soon!